Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations
Essential information
- Published: 13/01/2025 16:41
- Modified: 14/01/2025 08:46
- Tags: 2025-01-13, apt28, central asia, cherryspy, cyber espionage, diplomatic, double-tap, hatvibe, kazakhstan
- Related entities: 12 observables, 1 intrusion set (APT), 11 techniques (MITRE), 2 malware, 10 others
Description
A cyber espionage campaign targeting Central Asian countries, particularly Kazakhstan's external relations, has been uncovered. The campaign, attributed to the Russia-aligned intrusion set UAC-0063, uses a sophisticated infection chain called Double-Tap to deliver the HATVIBE and CHERRYSPY malware. The attackers weaponized legitimate documents from Kazakhstan's Ministry of Foreign Affairs, focusing on diplomatic and economic topics. This operation aims to gather strategic intelligence on Kazakhstan's relations with Western and Central Asian countries, likely to preserve Russia's influence in the region. Technical similarities with APT28-related Zebrocy campaigns suggest a possible connection to Russian intelligence services. The campaign highlights Russia's efforts to maintain its strategic foothold in Central Asia amidst Kazakhstan's growing ties with Western states and China.